From 1392a7c181e6507ef7f7a1544da8dafe6d3b0ce8 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 6 Jan 2025 08:36:41 -0600
Subject: [PATCH] jenkins: Add storage for Gentoo Portage/binpkgs

Jenkins that build Gentoo-based systems, like Aimee OS, need a
persistent storage volume for the Gentoo ebuild repository. The Job
initially populates the repository using `emerge-webrsync`, and then the
CronJob keeps it up-to-date by running `emaint sync` daily.

In addition to the Portage repository, we also need a volume to store
built binary packages.  Jenkins job pods can mount this volume to make
binary packages they build available for subsequent runs.

Both of these volumes are exposed to use cases outside the cluster using
`rsync` in daemon mode.  This can be useful for e.g. local builds.
---
 jenkins/gentoo-storage.yaml | 170 ++++++++++++++++++++++++++++++++++++
 jenkins/kustomization.yaml  |   1 +
 2 files changed, 171 insertions(+)
 create mode 100644 jenkins/gentoo-storage.yaml

diff --git a/jenkins/gentoo-storage.yaml b/jenkins/gentoo-storage.yaml
new file mode 100644
index 0000000..6dc76ac
--- /dev/null
+++ b/jenkins/gentoo-storage.yaml
@@ -0,0 +1,170 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: portage
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: portage
+    app.kubernetes.io/component: gentoo
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 4Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: binpkgs
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: binpkgs
+    app.kubernetes.io/component: gentoo
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+data:
+  rsyncd.conf: |+
+    [gentoo-portage]
+    path = /var/db/repos/gentoo
+
+    [binpkgs]
+    path = /var/cache/binpkgs
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+spec:
+  selector:
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+  ports:
+  - name: rsync
+    port: 873
+    targetPort: rsync
+  type: NodePort
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gentoo-dist
+  namespace: jenkins-jobs
+  labels: &labels
+    app.kubernetes.io/name: gentoo-dist
+    app.kubernetes.io/component: gentoo
+spec:
+  selector:
+    matchLabels: *labels
+  template:
+    metadata:
+      labels: *labels
+    spec:
+      containers:
+      - name: rsync
+        image: docker.io/gentoo/stage3
+        command:
+        - /usr/bin/rsync
+        - --daemon
+        - --no-detach
+        - --port=8873
+        - --log-file=/dev/stderr
+        ports:
+        - name: rsync
+          containerPort: 8873
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsUser: 250
+          runAsGroup: 250
+        volumeMounts:
+        - mountPath: /etc/rsyncd.conf
+          name: config
+          subPath: rsyncd.conf
+        - mountPath: /var/db/repos/gentoo
+          name: portage
+        - mountPath: /var/cache/binpkgs
+          name: binpkgs
+      volumes:
+      - name: binpkgs
+        persistentVolumeClaim:
+          claimName: binpkgs
+      - name: config
+        configMap:
+          name: gentoo-dist
+      - name: portage
+        persistentVolumeClaim:
+          claimName: portage
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: emerge-webrsync
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: emerge-webrsync
+    app.kubernetes.io/component: gentoo
+spec:
+  template:
+    spec:
+      containers:
+      - name: sync
+        image: docker.io/gentoo/stage3
+        command:
+        - emerge-webrsync
+        volumeMounts:
+        - mountPath: /var/db/repos/gentoo
+          name: portage
+      restartPolicy: OnFailure
+      volumes:
+      - name: portage
+        persistentVolumeClaim:
+          claimName: portage
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: sync-portage
+  namespace: jenkins-jobs
+  labels:
+    app.kubernetes.io/name: sync-portage
+    app.kubernetes.io/component: gentoo
+spec:
+  schedule: 4 19 * * *
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: sync
+            image: docker.io/gentoo/stage3
+            command:
+            - emaint
+            - sync
+            volumeMounts:
+            - mountPath: /var/db/repos/gentoo
+              name: portage
+          restartPolicy: OnFailure
+          volumes:
+          - name: portage
+            persistentVolumeClaim:
+              claimName: portage
diff --git a/jenkins/kustomization.yaml b/jenkins/kustomization.yaml
index 0abd2bc..3ed3e9c 100644
--- a/jenkins/kustomization.yaml
+++ b/jenkins/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
 - jenkins.yaml
 - secrets.yaml
 - iscsi.yaml
+- gentoo-storage.yaml
 
 configMapGenerator:
 - name: ssh-known-hosts